[Claims]

[Claim 1] An individual authentication method for 
authenticating a user's identification by extracting physical 
characteristics inherent in an individual person and using the 
physical characteristics, characterized by: 

with authentication results in several kinds of physical 
characteristics stored in a table, selecting the most suitable
physical characteristics for the authentication, of the several
kinds of physical characteristics, by calculating an estimation
function indicating a reliability of each kind of physical
characteristics using information on a predetermined security
level of the individual authentication and the information of
the table; requesting a user to enter the corresponding physical
characteristics; and comparing the physical characteristics 
obtained from the user with the previously-registered physical 
characteristics of a specified individual person, so to judge 
whether the above physical characteristics belong to the 
specified individual person or not; when it is judged that the 
above physical characteristics belong to the specified 
individual person, finishing the authentication processing, 
while when it is not judged, performing the authentication by 
using a next candidate for the physical characteristics from 
the estimation function, in a way of repeating step-by-step 
selection of the physical characteristics until using all several
kinds of physical characteristics. 

[Claim 2] An individual authentication method for 
authenticating a user's identification by extracting physical 
characteristics inherent in an individual person and using the
physical characteristics, in which a user terminal is connected 
to a center system through a communication network and the center 
system or a user selects one kind of physical characteristics 
to use for authentication, one by one, of several kinds of physical
characteristics, the method characterized in that when the center
system selects physical characteristics, with authentication 
results of the several kinds of physical characteristics stored 
in a table, the center system selects the most suitable physical 
characteristics for the authentication, of the several kinds 
of physical characteristics, by calculating an estimation 
function indicating a reliability of each kind of physical 
characteristics by using information on a predetermined security
level of the individual authentication and the information of
the above table, and transmits a name of the above physical
characteristics to the user terminal; the user enters the
physical characteristics specified by the center system,
extracts the physical characteristics, and transmits the above
to the center system; the center system compares the physical 
characteristics transmitted from the user terminal with the 
previously-registered physical characteristics of the 
specified individual person, so to judge whether the above
physical characteristics belong to the above specified 
individual person or not, when it is judged that the above 
characteristics belong to the specified individual person, the 
center system finishes the authentication processing, while when
it is not judged, it performs the authentication by using a next
candidate for the physical characteristics according to the
selection, step by step, repeatedly until using all the several 
kinds of physical characteristics; while when the user selects 
physical characteristics, the user enters the own specified 
physical information, extracts the physical characteristics, 
and transmits the same to the center system; the center system 
compares the physical characteristics transmitted from the user 
terminal with the previously-registered physical 
characteristics of the specified individual person, so to judge 
whether the above physical characteristics belong to the
specified individual person or not, when it is judged that the 
above characteristics belong to the specified individual person, 
the center system finishes the authentication processing, while 
when it is not judged, it performs the authentication by using 
a next candidate for the physical characteristics according to 
the specification, step by step, repeatedly until using all the 
several kinds of physical characteristics.

[Claim 3] An individual authentication method for
authenticating a user's identification by extracting physical 
characteristics inherent in an individual person and using the 
physical characteristics, in which a user terminal is connected 
to a center system through a communication network, the center 
system or a user selects the physical characteristics to use 
for authentication, one by one, of several kinds of the physical 
characteristics, and the processing concerned with the 
authentication is divided into two of preprocess and post-process,
the method characterized in that when the center system selects
physical characteristics, with authentication results of the
several kinds of physical characteristics stored in a table, 
the center system transmits the most suitable physical 
characteristics for the authentication, of the several kinds 
of physical characteristics, by calculating an estimation 
function indicating a reliability of each kind of physical 
characteristics by using information on a predetermined security 
level of the individual authentication and information of the 
table and a processing method of the preprocess to the terminal;
the terminal enters the physical characteristics specified by 
the center system according to the preprocessing, extracts the 
physical characteristics, and transmits the above to the center 
system; the center system compares the physical characteristics 
transmitted from the terminal with the previously-registered 
physical characteristics of the specified individual person 
according to the post-processing, so to judge whether the above 
physical characteristics belong to the specified individual 
person or not, when it is judged that the above characteristics 
belong to the specified individual person, the center system 
finishes the authentication processing, while when it is not 
judged, it performs the authentication by using a next candidate 
for the physical characteristics according to the selection, 
step by step, repeatedly until using all the several kinds of 
physical characteristics; while when the user selects physical 
characteristics to use, the user terminal enters the physical 
information specified by the user according to the preprocessing 
method transmitted from the authentication server, extracts the 
physical characteristics, and transmits the same to the center
system; the center system compares the physical characteristics
transmitted from the terminal with the previously-registered
physical characteristics of the specified individual person 
according to the post-processing, so to judge whether the above 
physical characteristics belong to the specified individual 
person or not, when it is judged that the above physical 
characteristics belong to the specified individual person, the 
center system finishes the authentication processing, while when
it is not judged, it performs the authentication by using a next 
candidate for the physical characteristics according to the 
specification, step by step, repeatedly until using all the 
several kinds of physical characteristics. 

[Claim 4] The individual authentication method according to 
Claim 2 or Claim 3, characterized in that a communication between
the center system and the user terminal is performed by a public 
key coding method. 

[Claim 5] The individual authentication method according to 
one of Claims 1 to 3, characterized in that contents of the table 
are updated according to judgment results obtained in every 
authentication. 

[Claim 6] A storing medium of storing an individual 
authentication program for making a computer execute processing 
for authentication by using one of several kinds of physical 
characteristics, characterized by comprising 

a procedure of storing authentication results into a table, a 
procedure for setting a security level of individual 
authentication, a procedure of selecting the most suitable
physical characteristics for authentication, of the several
kinds of physical characteristics, by calculating an estimation
function indicating a reliability of each kind of physical 
characteristics using information of the security level and 
information of the table, and a procedure of comparing the 
physical characteristics obtained from a user with the 
previously-registered physical characteristics of a specified 
individual person, so to judge whether the above physical 
characteristics belong to the specified individual person or
not; when it is judged that the above physical characteristics 
belong to the specified individual person, finishing the 
authentication processing, while when it is not judged, 
performing the authentication by using a next candidate for the 
physical characteristics from the above estimation function, 
step by step, repeatedly until using all the several kinds of 
physical characteristics. 

[Claim 7] The storing medium of storing the individual 
authentication program according to Claim 6, characterized in 
that contents of the table are updated according to judgment 
results obtained in every authentication.

[Claim 8] A storing medium which stores an individual 
authentication program for performing processing of a center 
system for authentication by a center system's or a user's 
selecting physical characteristics to use, one by one, of several
kinds of physical characteristics, with a user terminal connected
to the center system through a communication network,
characterized by comprising a procedure of storing
authentication results of the several kinds of physical 
characteristics into a table, a procedure of setting a security 
level of individual authentication, a procedure of selecting 
the most suitable physical characteristics for authentication, 
of the several kinds of physical characteristics, by calculating
an estimation function indicating a reliability of each kind 
of physical characteristics using information of the security 
level and information of the table, and a procedure of comparing 
the physical characteristics transmitted from the user terminal 
with the previously-registered physical characteristics of a 
specified individual person, so to judge whether the above 
physical characteristics belong to the specified individual 
person or not; when it is judged that the above physical 
characteristics belong to the specified individual person, 
finishing the authentication processing, while when it is not 
judged, performing the authentication by using a next candidate 
for the physical characteristics from the above estimation
function, step by step, repeatedly until using all the several 
kinds of physical characteristics. 

[Claim 9] A storing medium of storing an individual 
authentication program for performing processing of a user 
terminal for authentication by a center terminal's or a user's 
selecting physical characteristics to use, one by one, of several
kinds of physical characteristics, with a user terminal connected
to the center system through a communication network,
characterized by comprising a procedure of setting a security
level of individual authentication by the user itself, a
procedure of entering the specified physical information, 
extracting the physical characteristics, and transmitting the 
above to the center system, and a procedure of repeating 
step-by-step selection such as authenticating the user by using 
a next candidate for the physical characteristics according to 
the specification when the user is not authenticated in the center 
system, until using all the several kinds of physical 
characteristics. 

[0003] 

[Problems to be Solved by the Invention] 

The use method of several items of biometric information
is roughly divided in the following two types. At first, the
authenticating means is doubled and as shown in Japanese Patent
Publication No. 10-137222, when a user is not authenticated by
using one of the two kinds of biometric information, a method
of performing the authentication by using the other is used,
hence to prevent from a wrong rejection in the case of the
identified user. At second, the authentication accuracy is
improved, and as shown in Japanese Patent Publication No. 08-16788
and No. 10-137221, a weighting connection of the authentication
results of several items of biometric information is often used.
In the first method, however, the user acceptance becomes easy
but a function of rejection of the other person is deteriorated,
and in the second method, since the weight is fixed, it has the
problem that the weight cannot be adjusted when there occurs
a request different from at a time of designing the system or
when there occurs a change in the using environment.
[0004] 

As mentioned above, according to the conventional methods,
there is such a problem that how to use several kinds of biometric 
information is not determined in such circumstances that the 
priority of the user acceptance and the rejection of the other 
person differs depending on the purpose of its use. Further, 
it is necessary to customize the authentication method 
individually in order to configure an authentication server
depending on various purposes of use and further tune it 
delicately in order to cope with a change in the environment, 
which is troublesome disadvantageously. The invention is to
solve the above problems and its object is to provide an individual
authentication method and its system capable of satisfying the 
both requests of the user acceptance/rejection of the other 
person and further to provide an individual authentication method 
and its system highly adaptable according to the real using 
environment. 

[0013] 

[Mode for Carrying Out the Invention]

This time, an embodiment of the present invention will 
be described with reference to the drawings. Fig. 1 is a block
diagram of an individual authentication system showing one
embodiment of the invention, which comprises a user 1, a user
terminal 2, a communication network 3, and an authentication
server 4. The authentication server can be referred to as a
center system. The user terminal 2 comprises an input unit 21,
a preprocessor 22, a display 23, and a using order memory 24,
and the preprocessor 22 includes N pairs of different sensors
(sensor 1 (221), sensor 2 (222), ..., sensor N (223)) and
corresponding characteristic extracting units (characteristic
extracting unit 1 (224), characteristic extracting unit 2 (225),
..., characteristic extracting unit N (226)). The authentication
server 4 includes a priority setting unit 41, a table for storing
judgment results 42, a selecting unit 43, a postprocessor 44,
and a personal characteristic memory 45. The postprocessor 44
includes N pairs of matching units (matching unit 1 (441),
matching unit 2 (442), ..., matching unit N (443)) and
corresponding judging units (judging unit 1 (444), judging unit
2 (445), ..., judging unit N (446)).

[0014]

According to this individual authentication system, the 
user terminal 2 obtains the physical characteristics, according
to the information obtained by one of the several sensors, from
the characteristic extracting unit corresponding to the sensor,
and the authentication server 4 compares the physical
characteristics with the registered characteristics, hence to
authenticate the identification. The operation of this
embodiment will be described by using the processing flow of
Fig. 2. In the flow of Fig. 2, especially, a notice is taken
into the processing of selecting one from several items of 
biometric information and using the same. 
[0015]

In Step 501, it is possible to select whether the right 
of selecting which item of biometric information is used, of 
the several items of biometric information, belongs to the 
authentication server 4 or the user 1. This can be selected 
by, for example, a user. When the selection right belongs to 
the authentication server 4, the authentication server 4 
determines the using order k (k=1, 2, ..., N) of the items of
biometric information. When k=1 is set (Step 502), the
authentication server 4 transmits a message instructing a user
to enter the k-th item of biometric information, to the display
23 through the communication network 3. The user 1 enters the
k-th item of biometric information from the specified sensor
of the number N according to the instruction on the display 23.
The user terminal 2 transmits the extracted characteristics to
the authentication server 4 through the communication network
3 and the authentication server 4 performs the authentication
in the postprocessor 44 (Step 503). When the user 1 is
authenticated (Step 504), a message informing the user of the
acceptance is shown on the display 23 (Step 505) and the processing
is finished.
[0016] 

When the user is not authenticated (Step 504), k is set
at k=k+1 (Step 506), authentication is performed (Step 503) by
using the item of biometric information specified next, of the
biometric information items which have not been used yet in k
times of authentication, and the user's identification is judged
(Step 504). When the above processing is repeated, so to use
the whole specified N items of biometric information (k>N), and
as a result, when the user is not authenticated yet (Step 507),
the operation will be retried at the beginning (Step 508).

[0017] 

When the selection right belongs to the user 1, the user 
1 sets the using order k of the biometric information items with 
the input unit 21 (Step 509). The user terminal 2 is set at
k=1 (Step 510), and authentication by using the k-th item of
biometric information is performed (Step 511). When the
identification of the user 1 is authenticated (Step 512), the
operation is accepted (Step 513), and the processing is finished.
When the user's identification is not authenticated (Step 512),
k is updated to k=k+1 (Step 514), and authentication is repeated
by changing the items of biometric information to use. Even
if using all the N items of biometric information specified (k>N),
when the user's identification is not authenticated (Step 515),
the operation will be retried again at the beginning (Step 516).
[0018] 

This time, the detailed operation of this embodiment will 
be described by using Fig. 3 and Fig. 4. Fig. 3 is a view showing
the processing flow in the case where the selection right belongs 
to the authentication server 4. When the user 1 enters the ID 
number with the input unit 21, it is transmitted to the 
authentication server 4 (Steps 1 and 2). There is a wide variety
of the biometric information items including that one having 
the high authentication accuracy or the low authentication 
accuracy and the user friendly information or the user
inconvenient information. The item of biometric information 
is selected by the processing in the priority setting unit 41, 
the judgment result storing table 42, and the selecting unit 
43. Here, the outline is described and the details will be 
described later. 
[0019] 

The priority setting unit 41 calculates the security level 
required by the above status and service and determines the degree 
of the respective elements of user acceptance and rejection of 
the other person (Step 3). The selecting unit 43 determines
the first item of biometric information to use at first, from
the N items of biometric information (Steps 4 and 5), in the
following method, according to the degree of the user acceptance 
and the rejection of the other person and the contents of the 
judgment result storing table 42 having the previous 
authentication results of the user 1 by using respective items 
of biometric information, and transmits its name to the user 
terminal 2 and displays it on the display 23 (Step 6).
[0020] 

The user 1 enters the same biometric information by using 
the sensor corresponding to the first item of biometric 
information shown on the display (Step 7), extracts the
characteristics by executing a program existing in the
preprocessor 22 (Step 8), and transmits the same to the
authentication server 4. The authentication server 4 receives
the characteristics (Step 9), activates a program of the matching
unit corresponding to the first item of biometric information,
so to compare the registered characteristics of the user 1 stored
in the personal characteristic memory 45 with the transmitted
characteristics of the first item of biometric information and
obtain the scale of similarity or difference (Step 10). The
judging unit checks whether the above characteristics of the
first item of biometric information really belongs to the
identical user, by using the threshold for the above scale, writes
the judgment result into the judgment result storing table 42,
and updates the contents thereof. When the judgment result
really belongs to the identical user, log-in to the user terminal
2 is accepted (Steps 11, 12), when it belongs to the other person,
it is rejected (Step 13). When there occurs the rejection, the
selecting unit 43 determines the second item of biometric
information to use at second, from the remaining (N-1) items
of biometric information and transmits its name to the user
terminal 2, thereby performing the authentication according to
the second item of biometric information through the above
processing (Step 14 and the later). Hereinafter, the above
processing will be repeated until the user's identification is 
authenticated, and when it is not authenticated even if using 
all the items of biometric information, the operation will be 
retried again at the beginning. 
[0021] 

Fig. 4 shows the processing in the case where the selection 
right belongs to the user 1. The user 1 enters the ID number
(Step 1) and sequentially specifies the convenient items of
biometric information from the viewpoint of efficiency and
user-friendly operation, enabling the user to be accepted at
high accuracy, and then the contents thereof are stored in the
using order memory 24 (Steps 2 and 3). Successively, the contents
of the using order memory 24 are read out and a message to the
effect of inducing the user to enter the first item of biometric
information appears on the display 23, when the user 1 enters
the biometric information by using the sensor corresponding to
the first item of biometric information, executes the program
existing in the preprocessor 22, to extract the characteristics,
and transmits the same to the authentication server 4 (Steps
4 and 5).
[0022] 

Hereinafter, the processing from the matching/judgment
to the user acceptance or rejection is the same as the processing
in Fig. 3. It is the post-processing in the case of rejection
that is different from the above; in Fig. 3, the authentication
server 4 transmits the name of the biometric information decided
to be used at second to the user terminal 2, while in Fig. 4,
it transmits a notice of the user rejection there (Step 9). When
the user terminal 2 receives the notice of the user rejection
(Step 10), the user 1 performs the authentication by using the
second item of biometric information in the same processing as
mentioned above, the above processing will be repeated until
the user identification is authenticated (Step 11 and the later),
and when it is not authenticated even if using all the items
of biometric information, the operation will be retried again
at the beginning.
[0023] 

Next, the above processing of selecting the biometric item 
will be described in detail. Fig. 5 is a view showing the contents
of the judgment result storing table 42, where the number T of 
using times and the number R of the times of user rejections 
and the number A of acceptance times of the other person are 
stored for every item of biometric information. The above T, 
R, and A are all set at the initial value of zero. When the 
authentication is performed by using some item of biometric 
information, T corresponding to the item is incremented by 1, 
and as a result of the authentication, when the user 1 is not 
authenticated, R is incremented by 1. Since it is difficult 
to measure the number A of acceptance times of the other person 
in the actual operation, when the user 1 is not authenticated, 
all the characteristics of the users other than the user 1, stored
in the personal characteristic memory 45, are regarded as an
input, and when the input is compared with the characteristics
of the user 1 and accepted as the user 1, A is incremented by
1 assuming that the acceptance of the other person has been 
performed. Thus, the values of T, R, and A are updated every 
time of authentication. 
[0024] 

Fig. 6 is a constitutional view of the selecting unit 43, 
comprising an estimation function calculating unit 431 and a 
maximum value detecting unit 432. The estimation function 
calculating unit 431 calculates the value of an estimation function
G of the expression (1) by using the importance α of the
acceptance of the other person relative to the user rejection entered
from the priority setting unit 41 and the using times T, the
user rejection times R, the acceptance times A of the other person
entered from the judgment result storing table 42.

G = 1 - (R + αA)/T ... (1)

In the second term of the right side of the expression (1), A
is multiplied by the weight α in comparison with R. The second
term of the right side of the expression (1) is the term for
penalty, the value of G increases as the values
of A and R become smaller and when R=A=0, it takes the maximum
value 1. The maximum value detecting circuit 432 detects the
maximum value of the G of the target, displays the item name
of the corresponding biometric information on the display 23
of the user terminal 2, and induces the user 1 to enter the same
biometric information. Since the G is calculated every time
of authentication, when the authentication accuracy of the
biometric information of the user 1 which has been frequently
used at first falls down with elapse of time, the authentication
server 4 finds the alternative item of biometric information.
Even when there is a user having the biometric information similar
to the biometric information of the user 1, of many users, since
the authentication server 4 is designed to use the different
biometric item from the above, authentication of high reliability
is possible. When a new user having the similar biometric
information takes part in the system halfway, it is possible
to switch the above biometric information item to the different
one according to the induction of the authentication server 4.
As mentioned above, even when there is a change in the using
environment, since the system is designed to follow the change,
stable authentication is always possible. Further, since the
above operation is automatically performed by the authentication
server 4, it is not necessary to customize and tune the system
by man power.
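
The selection described in [0023] and [0024], together with the step-by-step fallback of [0015] and [0016], as an added Python example (not code from the patent): it keeps T, R and A per item, ranks the items by G from expression (1) for a given weight on A, and walks the candidates until one is accepted or all are used. The item names, the counts in sample_table, the per-input increment of A and the handling of T=0 are assumptions.

```python
from dataclasses import dataclass


@dataclass
class Stats:
    """One row of the judgment result storing table (Fig. 5)."""
    T: int = 0  # number of times the item was used
    R: int = 0  # number of times the genuine user was rejected
    A: int = 0  # number of times another person was accepted


def estimate(s, alpha):
    """Expression (1): G = 1 - (R + alpha*A) / T.

    The page initialises T, R and A to zero and does not say how G is
    evaluated then; returning the maximum value 1 is an assumption.
    """
    if s.T == 0:
        return 1.0
    return 1.0 - (s.R + alpha * s.A) / s.T


def ranked(table, alpha, exclude=()):
    """Items not yet tried, highest G first (ties broken by name: assumption)."""
    names = [n for n in table if n not in exclude]
    return sorted(names, key=lambda n: (-estimate(table[n], alpha), n))


def authenticate(table, alpha, match, other_accepts=lambda name: 0):
    """Step-by-step selection: try the item with maximum G, fall back to the
    next candidate on rejection, stop when all items have been used.

    match(name)         -> bool, the judging unit's decision for this attempt
    other_accepts(name) -> int, how many other enrolled users' templates are
                           accepted as this user (the check of [0023], run
                           only after a rejection; counting one per accepted
                           input is this example's reading of the text)
    Returns (accepted item or None, items tried in order).
    """
    tried = []
    while True:
        candidates = ranked(table, alpha, exclude=tried)
        if not candidates:
            return None, tried
        name = candidates[0]
        tried.append(name)
        row = table[name]
        row.T += 1                      # the item was used once more
        if match(name):
            return name, tried
        row.R += 1                      # genuine-user rejection is recorded
        row.A += other_accepts(name)    # simulated acceptance of others


def sample_table():
    """Constructed counts, not data from the page."""
    return {
        "fingerprint": Stats(T=50, R=2, A=1),
        "face": Stats(T=40, R=6, A=0),
        "voice": Stats(T=30, R=3, A=2),
    }


if __name__ == "__main__":
    for alpha in (0, 1, 10):
        t = sample_table()
        print(alpha, [(n, round(estimate(t[n], alpha), 3)) for n in ranked(t, alpha)])
    t = sample_table()
    print(authenticate(t, 10, match=lambda n: n == "fingerprint",
                       other_accepts=lambda n: 1 if n == "face" else 0))
    print(t)
```

With the constructed counts, weight 0 orders the items fingerprint, voice, face, while weight 10 puts face first because it has no recorded acceptance of another person. The weight changes only the order; one pass still allows up to N attempts.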
[0025] 

Fig. 3 and Fig. 4 respectively show the procedure in the
case where the programs of the preprocessing and the 
post-processing are respectively set in the preprocessor 22 and 
the postprocessor 44, and the program of the preprocessing, 
however, can be transmitted by the authentication server 4 and 
Fig. 7 and Fig. 8 show the procedure in this structure. Here, 
the ProGUI and the like used for the following description is 
the symbol indicating each component and hereinafter, the 
component may be referred to only by the symbol in some cases. 
[0026] 

Fig. 7 shows the processing in the case where the selection
right belongs to the authentication server 4. The user 1 creates
a public key Pk(A) and a secret key Sk(A) of a user and transmits
the Pk(A) and the ID number to the authentication server 4 (Steps
1 and 2). The authentication server 4 receives them (Step 3)
and sequentially activates the priority setting unit 41 and the
selecting unit 43 (Steps 4 and 5), and obtains the first item
of biometric information B1 (Step 6). Further, it reads out
the GUI control program ProGUI for displaying the input menu
of the biometric information on the user terminal 2 (Step 7).
Further, the authentication server 4 gets the EPk(A)(ProFow,
SXPro) (Step 8) by encrypting the characteristic extraction
program ProFow and the scramble program SXPro by Pk(A), and
transmits the B1, ProGUI, EPk(A)(ProFow, SXPro) to the user
terminal 2. In the user terminal 2, the ProFow and the SXPro
are decoded with the secret key Sk(A) (Steps 9 and 10), the user
1 enters the information from the sensor corresponding to the
B1 according to the instruction of the ProGUI (Step 11) to extract
the characteristics Kaz by executing the ProFow (Step 12). Next,
the Kaz is scrambled by the SXPro to get Kaz(-1) (Step 13), and
transmits ESk(A)(Kaz(-1), ID) obtained by encrypting the above
by ESk(A), to the authentication server 4 (Step 14).
[0027] 

The authentication server 4 decodes the above by
Pk(A) (Steps 15 and 16), so to take out the Kaz(-1). The scrambled
characteristics Kaz[0](-1) of the user 1 are read out from the
personal characteristic memory 45 (Step 17), and the Kaz and
Kaz[0] are decoded by the scramble decoding program SXPro(-1)
(Step 18). Thereafter, a series of the processing of activating
the matching unit and the judging unit for authentication is
the same as that in Fig. 3.
[0028] 

Fig. 8 shows the processing in the case where the selection
right belongs to the user 1. The user 1 sequentially specifies
the convenient items of biometric information from the viewpoint
of efficiency and user-friendly operation, enabling the user
to be accepted at high accuracy, and stores the above in the
using order memory 24. The user 1 transmits the public key Pk(A)
and the ID number of the user and the B1 read from the using
order memory 24 to the authentication server 4 (Steps 1 to 3),
extracts the characteristics Kaz by using the characteristic
extraction program ProFow of the B1 returned from the
authentication server 4 (Steps 4 to 9), and transmits the data
scrambled by the scramble program SXPro and the name of the first
item B1 read from the using order memory 24, to the authentication
server 4 (Steps 10 and 11).
[0029] 

Thereafter, the processing of the matching/judgment and
the user acceptance/rejection is the same as the processing of
Fig. 7. It is the post-processing in the case of rejection that
is different from the above; in Fig. 7, the authentication server
4 transmits the program ProGUI and ProFow for extracting the
B2 and the characteristics of the B2 and the scramble program
SXPro to the user terminal 2, while in Fig. 8, the B2 is not
necessary in Fig. 8. When receiving the above data, the user 
1 performs the authentication by using the B2 in the same 
processing as mentioned above, and hereinafter, the above 
processing is repeated until the user identification is 
authenticated, and when it is not authenticated even if using 
all the items of biometric information, the operation will be 
retried again at the beginning. 
[0030]

As mentioned above, by dividing the individual
authentication processing into the respective
processing in the terminal and the server, security can be kept
and the communication amount can be reduced. By encrypting the
program and transmitting the same program to the terminal, it
is possible to change the algorithm easily and further enhance
the security.
[0031] 

The individual authentication system of the invention is
not restricted to the above structure shown in Fig. 1, but various
structures are possible. For example, it may be formed in the
structure shown in Fig. 9. This individual authentication
system comprises the user 1, the user terminal 2, the
communication network 3, and the authentication server 4. In
Fig. 1, the matching units (the matching unit 1 (441), the matching
unit 2 (442), ..., the matching unit N (443)) are provided in
the authentication server 4, while in Fig. 9, they are provided
in the user terminal 2 differently.
[0032] 

In this example, the selection right of selecting which
item to use, of several items of biometric information, may belong
to the authentication server 4 or the user 1. When the selection
right belongs to the authentication server 4, the authentication
server 4 sets the using order k of the items of the biometric
information (k=1, 2, ..., K; the number of the items of biometric
information to use). When k=1 is set, the authentication server
4 instructs the display 23, through the communication network 3,
to show a message asking the user to enter the biometric
information. The user 1 enters the k-th item of biometric
information from the specified sensor, of the N sensors, to check
the matching by using the extracted characteristics, transmits
the result to the authentication server 4 through the
communication network 3, and the authentication server 4 checks
the user's identification in the judging unit. When the user
1 is authenticated, a message indicating the acceptance appears
on the display 23 and the processing is finished. When the user
is not authenticated, k is set at k=k+1, and the authentication
is performed in the above procedure by using the biometric
information of the item specified next. The above processing
is repeated, and when the user is not authenticated even if using
all the specified N items of biometric information, the operation
will be retried from the beginning.
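The server-side selection loop described above (items tried in order k = 1..N, with the judgment result table updated on every attempt), as an added example that is not code from the patent. The form of the estimation function, the weight `w`, the `genuine` ground-truth flag and the sample statistics are assumptions; the table columns follow Fig. 5.

```python
from dataclasses import dataclass

@dataclass
class Stats:
    """One row of the judgment result storing table (columns as in Fig. 5)."""
    uses: int = 0           # using times
    user_rejects: int = 0   # user rejection times
    other_accepts: int = 0  # acceptance times of the other person

def score(s: Stats, w: float) -> float:
    """Assumed estimation function: 1 minus a weighted error rate.
    w in [0, 1] is the priority given to not accepting another person."""
    if s.uses == 0:
        return 0.0  # no history yet, so rank last
    frr = s.user_rejects / s.uses
    far = s.other_accepts / s.uses
    return 1.0 - (w * far + (1.0 - w) * frr)

def using_order(table: dict, w: float) -> list:
    """Maximum-value detection applied repeatedly: best-scoring item first."""
    return sorted(table, key=lambda name: (-score(table[name], w), name))

def authenticate(table, w, match, genuine=True):
    """Try items k = 1..N in order and stop at the first acceptance.
    match(name) -> bool stands in for the matching and judging units.
    genuine is assumed ground truth, used only to update the statistics.
    Returns (accepted_item or None, items_tried)."""
    tried = []
    for name in using_order(table, w):
        tried.append(name)
        row = table[name]
        row.uses += 1
        accepted = match(name)
        if accepted and not genuine:
            row.other_accepts += 1
        if not accepted and genuine:
            row.user_rejects += 1
        if accepted:
            return name, tried
    return None, tried  # all N items failed; the caller restarts at k = 1

# Constructed sample statistics, not taken from the patent.
TABLE = {
    "fingerprint": Stats(uses=1000, user_rejects=30, other_accepts=1),
    "face": Stats(uses=1000, user_rejects=10, other_accepts=20),
    "voice": Stats(uses=1000, user_rejects=50, other_accepts=40),
}
```

With these statistics a high `w` puts the fingerprint first, while a low `w` puts the face first, so the same table yields a different using order for each priority setting.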
[0033] 

When the selection right belongs to the user 1, the user
1 sets the using order k of the items of biometric information
with the input unit 21 and stores the above into the using order
memory 24. The user terminal 2 sets the order at k=1 and performs
the authentication by using the k-th item of biometric
information. When the user 1 is authenticated, the operation
is accepted and the processing is finished. When it is not
authenticated, k is updated to k=k+1, the information stored
in the using order memory 24 is read out, and the authentication
is repeated by changing the items of biometric information to
use. When the user's identification is not authenticated even
after using all the specified N items of biometric information,
the operation will be retried from the beginning.
[0034] 

In this embodiment of Fig. 9, although the matching units
(the matching unit 1 (441), the matching unit 2 (442), ..., the
matching unit N (443)) are provided in the user terminal 2, also
the judging units (the judging unit 1 (444), the judging unit
2 (445), ..., the judging unit N (446)) may be provided in the
user terminal 2 and only the judgment result may be transmitted
to the authentication server 4. Alternatively, the individual
authentication system may be formed in a standalone system which
can perform all the characteristic input, the judgment, and the
selection of the biometric information item.
[0035] 

A program for realizing the above-mentioned respective
components can be stored in a storing medium such as a CD-ROM,
a floppy disk (registered mark), and the like. The processing
of the terminal and the authentication server of the invention
can be performed by installing the program stored in the storing
medium into a computer. Alternatively, the above program may
be pre-installed into a computer.
[0036] 

As mentioned above, although the invention has been
concretely described based on the embodiment, the invention is
not restricted to the embodiment, but it is needless to say that
it can be variously modified without departing from its spirit.
[0037]

[Advantage of the Invention] 

As described above, according to the invention, since the
priority setting of the user acceptance/rejection of the other
person is performed by the user or the authentication server
and the authentication result of the biometric information in
the operation process is registered in the table as the statistic
information and updated at every authentication, it has
the advantage of using the optimum item of biometric information
while keeping the specified priority. Since it is designed to
update the information automatically, it has the advantage of
decreasing the trouble in applying this system to various kinds
of uses and the advantage of applying this system to the changing
circumstances with elapse of time.

Fig. 1

1: block diagram of individual authentication system indicating
one embodiment of the invention
1: user
2: user terminal
3: communication network
4: authentication server
21: input unit
22: preprocessor
23: display
24: using order memory
41: priority setting unit
42: judgment result storing table
43: selecting unit
44: postprocessor
45: personal characteristic memory
221: sensor 1
222: sensor 2
223: sensor N
224: characteristic extracting unit 1
225: characteristic extracting unit 2
226: characteristic extracting unit N
441: matching unit 1
442: matching unit 2
443: matching unit N
444: judging unit 1
445: judging unit 2
446: judging unit N

Fig. 2

1: flow chart of the processing of the individual authentication
system in Fig. 1
S501: the selection right of using biometric item belongs to
which? user / authentication server
S503: authentication by using the k-th item of biometric
information specified by the authentication server
S504: the identified user?
S505: displaying "acceptance"
S508: displaying "retry"
S509: entering the order k of the biometric information to use
(k=1, 2, ..., N)
S511: authenticated by using the k-th item of biometric
information specified by a user
S512: the identified user?
S513: displaying "acceptance"
S516: displaying "retry"

Fig. 3

0: flow chart of communication control in the case where the
selection right belongs to the authentication server 4 in the
individual authentication system in Fig. 1
1: ID input
2: receiving ID
3: activating the priority setting unit
4: activating the selecting unit
5: determining the first biometric information
6: receiving the name of the first biometric information
7: entering the first biometric information
8: extracting the characteristics of the first biometric
information
9: receiving the characteristics of the first biometric
information
10: activating the matching unit
11: user acceptance
12: finishing
13: user rejection
14: activating the selecting unit
15: reading out the second biometric information
16: receiving the name of the second biometric information
17: hereinafter, repeating (7) and (8)
18: ID
19: the name of the first biometric information
20: first biometric characteristics
21: the name of the second biometric information

Fig. 4

0: flow chart of communication control in the case where the
selection right belongs to the user 1 in the individual
authentication system in Fig. 1
1: ID input
2: setting the biometric information to use
3: entering the first biometric information
4: extracting the characteristic of the first biometric
information
5: receiving the characteristics of the first biometric
information
6: activating the matching unit
7: user acceptance
8: finishing
9: user rejection
10: receiving a notice of the user rejection
11: reading out the second biometric information
12: hereinafter, repeating (3) and (4)
13: user terminal
14: authentication server
15: first biometric characteristics
16: notice of user rejection

Fig. 5

1: view showing one example of the judgment result storing table
42
2: using times
3: user rejection times
4: acceptance times of the other person
5: biometric information 1
biometric information 2
biometric information N

Fig. 6

1: block diagram of the selecting unit 43
2: judgment result storing table 42
3: priority setting unit 41
4: selecting unit
5: estimation function calculating unit
6: maximum value detecting unit
7: selection result
8: communication network

Fig. 7

0: flow chart of communication control in the case where the
selection right belongs to the authentication server 4 and the
program of the preprocessing is transmitted from the
authentication server 4 in the individual authentication system
in Fig. 1
1: creating the public key Pk(A) and the secret key Sk(A) of
a user
2: ID input
3: receiving the Pk(A) and ID
4: activating the priority setting unit
5: activating the selecting unit
6: determining the first biometric information B1
7: reading out the GUI control program ProGUI
8: creating EPk(A)(ProFow, SXPro) by encrypting the
characteristic extraction program ProFow and the scramble
program SXPro by Pk(A)
9: receiving B1, ProGUI, EPk(A)(ProFow, SXPro)
10: decoding ProFow and SXPro by Sk(A)
11: entering B1 according to the instruction of ProGUI
12: extracting the characteristics Kaz of B1 by using ProFow
13: obtaining Kaz(-1) by scrambling Kaz by SXPro
14: creating ESk(A)(Kaz(-1), ID) by encrypting Kaz(-1) by Sk(A)
15: receiving ESk(A)(Kaz(-1), ID)
16: decoding Kaz(-1) by Pk(A)
17: reading out the registered characteristics Kaz[0](-1)
scrambled
18: decoding Kaz, Kaz[0] by the scramble decoding program
SXPro(-1)
19: activating the matching unit
20: user acceptance
21: finishing
22: user rejection
23: activating the selecting unit
24: reading out the second biometric information B2
25: receiving B1, ProGUI, EPk(A)(ProFow, SXPro)
26: hereinafter, repeating (9) and (14)
25: user terminal
26: authentication server

Fig. 8

0: flow chart of communication control in the case where the
selection right belongs to the user 1 and the program of the
preprocessing is transmitted from the authentication server 4
in the individual authentication system in Fig. 1
1: setting the biometric information to use
2: creating the public key Pk(A) and the secret key Sk(A) of
a user
3: ID input
3: receiving Pk(A), ID, and B1
4: reading out the GUI control program ProGUI
5: creating EPk(A)(ProFow, SXPro) by encrypting the
characteristic extraction public program ProFow and the scramble
program SXPro by Pk(A)
6: receiving ProGUI and EPk(A)(ProFow, SXPro)
7: decoding ProFow and SXPro by Sk(A)
8: entering B1 according to the instruction of ProGUI
10: obtaining Kaz(-1) by scrambling Kaz by SXPro
11: creating ESk(A)(Kaz(-1), ID) by encrypting Kaz(-1) by Sk(A)
12: receiving ESk(A)(Kaz(-1), ID)
13: decoding Kaz(-1) by Pk(A)
14: reading out the registered characteristics Kaz[0](-1)
scrambled
15: decoding Kaz[0] by the scramble decoding program SXPro(-1)
16: activating the matching unit
17: user acceptance
18: finishing
19: user rejection
20: receiving ProGUI, EPk(A)(ProFow, SXPro)
21: reading out the second biometric information B2
22: hereinafter, repeating (6) and (11)
20: user terminal
21: authentication server

Fig. 9

0: block diagram of the individual authentication system
indicating another embodiment of the invention
1: user
2: user terminal
3: communication network
4: authentication server
21: input unit
22: preprocessor
23: display
24: using order memory
41: priority setting unit
42: judgment result storing table
43: selecting unit
45: personal characteristic memory
221: sensor 1
222: sensor 2
223: sensor N
224: characteristic extracting unit 1
225: characteristic extracting unit 2
226: characteristic extracting unit N
441: matching unit 1
442: matching unit 2
443: matching unit N
444: judging unit 1
445: judging unit 2
446: judging unit N